Flaw found in Cisco, Juniper and IBM kit

Glitch in routing software could open the door to denial-of-service attacks, British security team warns.

A software flaw that affects products from Cisco Systems, Juniper Networks and IBM has been announced by Britain's national emergency response team.

The National Infrastructure Security Co-ordination Centre, part of the U.K. Home Office, has published details of a denial-of-service vulnerability that can affect routers' ability to handle traffic using TCP, or Transmission Control Protocol, a widely used protocol for sending data over the Internet. Hackers commonly use denial-of-service attacks to flood target computers with data so they fail to work.

"The impact of the ICMP TCP reset vulnerability varies by vendor and application, but in some deployment scenarios it is likely to be rated medium to high," the NISCC said in an advisory Tuesday. "If exploited, (this) could allow an attacker to create a denial-of-service condition against existing TCP connections, resulting in premature session termination."
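As an added illustration, not taken from the NISCC advisory or from this article, the following Python sketch shows the check that RFC 5927 later recommended as the mitigation for this class of ICMP attack: a TCP stack aborts a connection on a hard ICMP error only if the error quotes a segment the stack genuinely has in flight. The `TcpConn` record, the packet builder and the sample addresses and ports are constructed for the example.

```python
import struct
from dataclasses import dataclass

ICMP_DEST_UNREACH = 3
# Destination Unreachable codes RFC 1122 classed as "hard" errors, which a classic
# stack answered by aborting the connection: 2 protocol, 3 port unreachable, 4 frag needed.
HARD_ERROR_CODES = {2, 3, 4}

@dataclass
class TcpConn:
    """Minimal view of one local TCP connection (constructed for the example)."""
    src_ip: bytes   # our address, 4 bytes
    dst_ip: bytes   # peer address, 4 bytes
    sport: int
    dport: int
    snd_una: int    # oldest sent-but-unacknowledged sequence number
    snd_nxt: int    # next sequence number we will send

def seq_in_range(seq: int, lo: int, hi: int) -> bool:
    """lo <= seq < hi in 32-bit modular (wrap-around) sequence arithmetic."""
    return ((seq - lo) & 0xFFFFFFFF) < ((hi - lo) & 0xFFFFFFFF)

def parse_icmp_error(pkt: bytes):
    """Split an ICMP error into type, code and the quoted IP/TCP fields."""
    icmp_type, code = pkt[0], pkt[1]
    inner = pkt[8:]                       # ICMP header is 8 bytes
    ihl = (inner[0] & 0x0F) * 4           # quoted IP header length
    src, dst = inner[12:16], inner[16:20]
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    return icmp_type, code, src, dst, sport, dport, seq

def icmp_should_abort(conn: TcpConn, pkt: bytes) -> bool:
    """Abort only for a hard error quoting a segment of this connection whose
    sequence number is genuinely in flight (SND.UNA <= SEQ < SND.NXT)."""
    t, code, src, dst, sport, dport, seq = parse_icmp_error(pkt)
    if t != ICMP_DEST_UNREACH or code not in HARD_ERROR_CODES:
        return False            # soft error or not an error at all: never abort
    # The quoted datagram is one *we* sent, so it carries our src and the peer's dst.
    if (src, dst, sport, dport) != (conn.src_ip, conn.dst_ip, conn.sport, conn.dport):
        return False            # quotes some other connection (or none)
    return seq_in_range(seq, conn.snd_una, conn.snd_nxt)

def build_icmp_error(code, src_ip, dst_ip, sport, dport, seq) -> bytes:
    """Constructed sample: a Destination Unreachable message quoting an IP
    header plus the first 8 bytes of a TCP header (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src_ip, dst_ip)
    tcp8 = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + ip + tcp8
```

An error whose quoted sequence number falls outside the in-flight range, or whose code is a soft error such as host unreachable, is simply ignored rather than tearing the session down.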

Cisco is advising customers to update their products. It said the problem affects PIX firewalls and all products running IOS, the operating system used by the majority of Cisco routers.

"There is a free software fix available," a Cisco representative said. "It's an industry issue. We worked with NISCC to coordinate" the fix. He added that the company had known about the issue for some time.

IBM has said that its AIX operating system is also vulnerable. The company did not respond in time for the publication of this article.

"Juniper has identified the issue and has provided a software fix," said Susan Ursch, a spokeswoman for Juniper, on Wednesday. A Juniper statement on NISCC's Web site read: "Juniper Networks M-series and T-series routers running certain releases of Junos software are susceptible to this vulnerability."

Customers with service contracts can log into the restricted area on the Juniper Web site, where they go to upgrade JUNOS software on a regularly scheduled quarterly basis, Ursch said.

Although Cisco, Juniper and IBM are unlikely to be the only companies affected by the vulnerability, their products form a large part of the Internet's infrastructure.

NISCC has published details of how to identify and fix the problem on its Web site.

Dan Ilett of ZDNet UK reported from London. CNET News.com's Marguerite Reardon contributed to this report.